I am working on getting clearpass working with CAS.  At this point I am
unable to get a proxy ticket from CAS.  I am able to authenticate to CAS but
the GetProxyTicketFor() request causes a java.net.SocketTimeoutException on
the CAS server.

I have attached the web.config file, CAS server logs, Trace logs, and CAS
xml sections that I believe are relevant to my problem.

I have tried to run a test application based on the CAS OWA code.  I have
also attempted to run the code included in the
DotNetCasClient.Secure.GetProxyTickets.aspx.  Both projects return the same
error when requesting the proxy ticket.


Any help is much appreciated.

thanks,

Scott B

WEB.CONFIG
===========================
    <casClientConfig
        casServerLoginUrl="https://cas.pepperdine.edu:8443/cas/login"
        serverName="https://sbolan1.pepperdine.edu"
        casServerUrlPrefix="https://cas.pepperdine.edu:8443/cas/"
        redirectAfterValidation="true"
        useSession="false"
        gateway="false"
        renew="false"
        ticketValidatorName="Cas20"
        ticketTimeTolerance="5000"
        singleSignOut="false"
        proxyGrantingTicketReceptor="true"
        proxyCallbackUrl="https://sbolan1.pepperdine.edu/clearpass/Default.aspx"
    />


TRACE LOGS FROM .NET APPLICATION (interesting sections in bold)
===========================
2010-05-06 11:43:51,070 [1] INFO 
DotNetCasClient.Validation.AbstractUrlTicketValidator - Set
CasServerUrlPrefix property: https://cas.pepperdine.edu:8443/cas/
2010-05-06 11:43:51,086 [1] INFO 
DotNetCasClient.Validation.AbstractUrlTicketValidator - Set EncodeServiceUrl
property: False
2010-05-06 11:43:51,102 [1] INFO 
DotNetCasClient.Validation.AbstractUrlTicketValidator - Set Renew property:
False
2010-05-06 11:43:51,117 [1] DEBUG CasAuthenticationModule -
OnAuthenticateRequest:starting:Summary:
     Session: contextSession[unavailable] -- applicationSession[unavailable]
     Request: authcookie [NULL] authticket [NULL]
     Response: statusCode>200<
     Context: Context.User[NULL] 
              Thread.CurrentPrincipal[Type>GenericPrincipal< Identity[Name><
AuthenticationType>< IsAuthenticated>False]]
2010-05-06 11:43:51,117 [1] DEBUG CasAuthenticationModule -
OnAuthenticateRequest:starting with cookie[ASP.NET_SessionId]=NULL
2010-05-06 11:43:51,133 [1] DEBUG CasAuthentication -
ConstructServiceUri:return generated serviceUri:
https://sbolan1.pepperdine.edu/clearpass/Default.aspx
2010-05-06 11:43:51,148 [1] DEBUG CasAuthentication -
ConstructLoginRedirectUrl:
redirectToUrl=>https://cas.pepperdine.edu:8443/cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx<
2010-05-06 11:43:57,758 [1] DEBUG CasAuthenticationModule -
OnAuthenticateRequest:starting:Summary:
     Session: contextSession[unavailable] -- applicationSession[unavailable]
     Request: authcookie [NULL] authticket [NULL]
     Response: statusCode>200<
     Context: Context.User[NULL] 
              Thread.CurrentPrincipal[Type>GenericPrincipal< Identity[Name><
AuthenticationType>< IsAuthenticated>False]]
2010-05-06 11:43:57,758 [1] DEBUG CasAuthenticationModule -
OnAuthenticateRequest:starting with cookie[ASP.NET_SessionId]=NULL
2010-05-06 11:43:57,773 [1] DEBUG CasAuthentication -
ConstructServiceUri:return generated serviceUri:
https://sbolan1.pepperdine.edu/clearpass/Default.aspx
2010-05-06 11:43:57,773 [1] DEBUG
DotNetCasClient.Validation.AbstractUrlTicketValidator - Validate:Constructed
validation
url:https://cas.pepperdine.edu:8443/cas/serviceValidate?ticket=ST-14-JsASdz3NAx4SUR9Uncaa-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
2010-05-06 11:44:03,211 [1] DEBUG
DotNetCasClient.Validation.AbstractUrlTicketValidator - Validate:Ticket
validation server response:><cas:serviceResponse
xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationSuccess>
                <cas:user>sbolan</cas:user>


        </cas:authenticationSuccess>
</cas:serviceResponse><
2010-05-06 11:44:03,227 [1] INFO 
DotNetCasClient.Proxy.ProxyGrantingTicketStorage - ProxyGrantingTicketIou is
null, check ProxyCallbackUrl config
2010-05-06 11:44:03,227 [1] DEBUG CasAuthentication -
CreateFormsAuthenticationTicket:Incoming CAS Assertion:
ST-14-JsASdz3NAx4SUR9Uncaa-pcas
2010-05-06 11:44:03,242 [1] DEBUG CasAuthenticationModule -
OnAuthenticateRequest:starting:Summary:
     Session: contextSession[unavailable] -- applicationSession[unavailable]
     Request: authcookie [Name>.ASPXAUTH< Expires>1/1/0001 12:00:00 AM<]
authticket [name>sbolan< userdata>ST-14-JsASdz3NAx4SUR9Uncaa-pcas<
issuedate>5/6/2010 11:44:03 AM< expiration>5/6/2010 11:54:03 AM<
expired>False< ispersistent>False<]
     Response: statusCode>200<
     Context: Context.User[Type>GenericPrincipal< Identity[Name>sbolan<
AuthenticationType>Forms< IsAuthenticated>True]] 
              Thread.CurrentPrincipal[Type>GenericPrincipal< Identity[Name><
AuthenticationType>< IsAuthenticated>False]]
2010-05-06 11:44:03,242 [1] DEBUG CasAuthenticationModule -
OnAuthenticateRequest:starting with cookie[ASP.NET_SessionId]=NULL
2010-05-06 11:44:03,289 [1] DEBUG DotNetCasClient.Security.CasPrincipal -
GetProxyTicketFor:No ProxyGrantingTicket was supplied --> returning null



CAS SERVER LOGS
===========================
2010-05-06 11:43:57,064 INFO
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Search for
sAMAccountName=sbolan returned 0 results.
2010-05-06 11:43:57,783 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
[ST-14-JsASdz3NAx4SUR9Uncaa-pcas] for service
[https://sbolan1.pepperdine.edu/clearpass/Default.aspx] for user [sbolan]
2010-05-06 11:44:02,986 ERROR [org.jasig.cas.util.HttpClient] -
java.net.SocketTimeoutException: connect timed out
java.net.SocketTimeoutException: connect timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
        at java.net.Socket.connect(Socket.java:524)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:152)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:388)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:523)
        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:278)
<removed>
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        ... 39 more


CAS XML
===========================


          <init-param>
             <param-name>allowedProxyChains</param-name>
             <param-value>https://sbolan1.pepperdine.edu/clearpass/Default.aspx</param-value>
          </init-param>

Activated at runtime as of the time in this log:
2010-05-05 16:33:23,491 INFO
[org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
- Property [allowedProxyChains] loaded from FilterConfig.getInitParameter
with value [https://sbolan1.pepperdine.edu/clearpass/Default.aspx]

-- 
View this message in context: 
http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-Proxy-Ticket-error-tp2133333p2133333.html
Sent from the CAS Developers mailing list archive at Nabble.com.
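
An added diagnostic example (not part of the original post and not DotNetCasClient code): in CAS 2.0 the serviceValidate response carries a `<cas:proxyGrantingTicket>` element (the PGTIOU) only when the server's callback to `pgtUrl` succeeds, so the script checks the logged response for it and lists CAS server errors that fall inside the validation window. The function names are this example's own, and the timestamp comparison assumes the two hosts' clocks are in sync.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# serviceValidate response body as it appears in the .NET trace log above.
VALIDATION_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>sbolan</cas:user>
    </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Lines from the two logs above, wrapped lines joined and long values trimmed.
CLIENT_LOG = [
    "2010-05-06 11:43:57,773 [1] DEBUG DotNetCasClient.Validation."
    "AbstractUrlTicketValidator - Validate:Constructed validation url:(trimmed)",
    "2010-05-06 11:44:03,211 [1] DEBUG DotNetCasClient.Validation."
    "AbstractUrlTicketValidator - Validate:Ticket validation server response:(trimmed)",
]
SERVER_LOG = [
    "2010-05-06 11:44:02,986 ERROR [org.jasig.cas.util.HttpClient] - "
    "java.net.SocketTimeoutException: connect timed out",
]


def parse_validation(xml_text):
    """Return (user, pgtiou) from a CAS 2.0 serviceValidate response."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        return None, None
    user = ok.findtext("cas:user", namespaces=CAS_NS)
    # Absent element means the server never delivered a PGT to the callback URL.
    pgtiou = ok.findtext("cas:proxyGrantingTicket", namespaces=CAS_NS)
    return user, pgtiou


def ts(line):
    """Parse the leading 'YYYY-MM-DD HH:MM:SS,mmm' log4j/log4net timestamp."""
    return datetime.strptime(line[:23], "%Y-%m-%d %H:%M:%S,%f")


def callback_errors_during_validation(client_log, server_log):
    """Server ERROR lines logged between the validation request and its response."""
    start = ts(next(l for l in client_log if "Constructed validation url" in l))
    end = ts(next(l for l in client_log if "validation server response" in l))
    return [l for l in server_log if " ERROR " in l and start <= ts(l) <= end]
```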